XS-01 // KEYNOTE
AI SUMMIT 2026
Xecura
AI Summit 2026
// CISO KEYNOTE · AI SUMMIT 2026

THE SPEED GAP:
WHEN ATTACKERS
MOVE FASTER THAN YOUR SOC.

Agentic AI and the End of Manual Defense

The era of human-speed defense is over. Autonomous AI agents now attack, pivot, and exfiltrate faster than any SOC can respond. This is not a warning about the future — it is a diagnosis of right now.

DETECT
DISCOVERY
FIND
HUNT
REMEDIATE  //  PATCH
AUTONOMOUS · CONTINUOUS
ENGAGEMENT: ACTIVE
TARGET: 10.42.0.0/16 · 00:17:42
▎AGENT STREAM
[00:14:03] ENUM Host 10.42.3.17 :: 22,80,445
[00:14:21] FP SMB signing: disabled
[00:15:02] HYPOTH Lateral via SMB relay
[00:15:40] EXEC ntlmrelayx.py → 10.42.3.42
[00:16:08] SHELL NT AUTHORITY\SYSTEM on FILES-01
[00:16:45] LOOT Secrets dumped: 12 creds
[00:17:12] CHAIN Kerberoast tgt-ACCT01
[00:17:40] OWN Path to Domain Admin
▎FINDINGS · 04
F-001 · CRITICAL
CVSS 9.8
SMB Relay → Domain Admin
F-002 · HIGH
CVSS 8.1
Kerberoastable service account
F-003 · HIGH
CVSS 7.5
Unsigned SMB on 14 hosts
F-004 · MEDIUM
CVSS 6.2
LDAP signing not enforced
XECURA.AI  //  THE SPEED GAP  //  AI SUMMIT 2026
XS-02 // SPEAKER
KEYNOTE SPEAKER PROFILE
Kholif Faiz Maruf
// KEYNOTE SPEAKER
Kholif Faiz Maruf
CISO · Xecura.ai
SPEAKING LIVE · AI SUMMIT 2026
// CHIEF INFORMATION SECURITY OFFICER

Kholif Faiz Maruf

CISO
CYBERSECURITY LEADER
20+ YEARS
Cybersecurity leadership professional with over 20 years of hands-on experience spanning red teaming, threat intelligence, and executive security strategy. BSSN Cryptography Expert Trainer · Architect of Cracking Machine using FPGA & Massive Parallel Computing · Asymetric Cryptography Expert in Xignature · Senior Consultant in SciEngines GmbH — and a driving force behind Agentic Cybersecurity as a Service at Xecura.ai.
20+
Years in
Cybersecurity
CISO
Executive
Security Leader
AI
Agentic Security
Pioneer
CR
Cryptography
Expert
// DOMAINS OF EXPERTISE
  • Agentic AI & Cybersecurity
  • Threat Intelligence & Dark Web Ops
  • Red Team & Offensive Security
  • Security Architecture & Strategy
  • Governance, Risk & Compliance
// CURRENT ROLES
Xecura.ai
Chief Information Security Officer
BSSN
Cryptography Expert Trainer
SciEngines GmbH
Senior Consultant
🌐 kholiffaiz.com
✉ kholif.faiz@xecura.id
AI SUMMIT 2026
XS-03 // ORIGIN
MYTHOS: THE PARADIGM SHIFT BY ANTHROPIC
// PROJECT GLASSWING · 7 APRIL 2026 · ACCESS RESTRICTED
LIVE RESTRICTED

Claude Mythos — too dangerous for the public.
Project Glasswing races to patch first.

Anthropic's most capable model — above Opus — identified over 1,000 zero-days autonomously across every major OS and browser. Not released to the public. Partners race to fix critical infrastructure before adversaries build the same.

0+
Zero-days found autonomously
Anthropic · red.anthropic.com · 2026
$0M
Glasswing model usage credits
Anthropic · Project Glasswing · 2026
0+
Organizations with access
12 launch partners + 40+ additional orgs
0yr
Oldest vuln found — OpenBSD
Anthropic Mythos Preview Report · 2026
// WHAT MYTHOS & PROJECT GLASSWING REVEALED
Autonomous Exploitation
Discovers, chains & exploits zero-days — no human input.
FreeBSD RCE · 17 Years
Root-level RCE hidden for 17 years — found and exploited autonomously.
99% Still Unpatched
Over 99% of findings remain unpatched. The backlog is overwhelming.
The Race Has Begun
EU & White House on alert. Adversaries without safety constraints are building the same.
The model is locked. But the race to build an unlocked equivalent has already begun. — TechCrunch · Axios · WEF · Dark Reading · Forrester
XS-04 // THREAT BRIEFING
THE NEW THREAT REALITY
// THREAT INTELLIGENCE BRIEF · Q1 2026

The attack surface is no longer static.

Every metric has worsened. AI-powered adversaries now operate at machine speed — continuous, adaptive, and ruthlessly efficient.

0%
AI-powered phishing surge
SlashNext State of Phishing 2025 - Q1 2026
$0.00M
Avg. cost of a data breach
IBM Cost of Data Breach 2025 - Q1 2026
<0h
Time-to-exploit post-CVE with AI
Mandiant M-Trends 2026
0days
Average breach dwell time
IBM Cost of Data Breach 2025 - Q1 2026
// ATTACKER PROFILE 2026: FULLY AGENTIC
Autonomous Recon
AI agents map your entire attack surface in minutes — not days.
Zero-Day Synthesis
LLMs discover and weaponize vulnerabilities before signatures exist.
Social Engineering at Scale
Hyper-personalized phishing campaigns generated in real time.
24/7 Persistence
Attackers never sleep. Their agents probe your network continuously.
The adversary has already deployed AI. The question is, have you?
XS-05 // CONTEXT
THE AGENTIC REVOLUTION
// WHAT IS AN AI AGENT?

AI that doesn't just respond — it acts.

// HOW AGENTS THINK
01
Perception
Reads context and environment — unprompted.
02
Reasoning
Plans, adapts, and thinks laterally.
03
Action
Executes via real tools — autonomously.
In the Agentic Era, the only adequate defense is an agentic one.
Agentic AI systems can plan multi-step goals, use tools, browse networks, write and execute code — and learn from every interaction. Without human instruction.
XS-06 // DOCTRINE
THE FIVE PRINCIPLES OF AGENTIC SECURITY
// LEGACY SECURITY CANNOT SURVIVE THE AGENTIC ERA
You are fighting a Formula 1 car with a bicycle.
Every day you operate without agentic defense is a day your adversaries have a structural advantage. The gap does not close by itself.
// THE NEW SECURITY DOCTRINE FOR THE AGENTIC ERA

Fight intelligence with intelligence.

01
Continuous
Over Periodic
Security is not a quarterly event. Threats exist every second — your defense must too. Annual pentests are photographs of a river that never stops flowing.
02
Autonomous
Over Manual
AI agents attack at machine speed. Human-speed response is inherently inadequate. Autonomous defense agents respond in seconds, not hours.
03
Adaptive
Over Rule-Based
Static rules are dead the moment a novel attack emerges. Agentic defense systems reason and adapt — they don't wait for a signature update.
04
Intelligence-Led
Over Alert-Driven
Don't drown in 10,000 alerts per day. AI agents correlate, prioritize, and act on what actually matters — giving your team signal, not noise.
05
Platform
Over Patchwork
37 disconnected tools create 37 blind spots. A unified agentic security platform provides complete, coherent, and coordinated protection across your entire estate.
These are not best practices. They are survival requirements.
XS-07 // SOLUTION
INTRODUCING XECURA.AI
Xecura
AGENTIC CYBERSECURITY AS A SERVICE
// THE PLATFORM BUILT FOR THE AGENTIC ERA


Built for the era
where the attacker
never stops.

Five purpose-built AI agents. One unified platform. Continuous protection across your entire digital estate — detection, response, compliance, red teaming and threat intelligence. All autonomous. All connected.

DETECT IN SECONDS
RESPOND AUTONOMOUSLY
ATTACK CONTINUOUSLY
COMPLY ALWAYS
XECURA PLATFORM // AGENT STATUS
XDA · 01
DETECTION AGENT
● ACTIVE
XRA · 02
RESPONSE AGENT
● ACTIVE
CORE
XCA · 03
COMPLIANCE AGENT
● ACTIVE
XTA · 04
RED TEAM AGENT
● RUNNING
XDW · 05
DARKWEB AGENT
● ACTIVE
XECURA FABRIC // UPTIME
99.98% ● OPERATIONAL
XS-08 // ARCHITECTURE
THE XECURA AGENTIC FABRIC
// FIVE AGENTS · ONE FABRIC · COMPLETE COVERAGE

Every layer of your security,
run by AI agents that never stop.

XDA · 01
Detection
Agent
Behavioral AI threat detection. Spots novel attack patterns. Zero-day and known threat intelligence, unified.
· Behavioral analytics
· Anomaly detection
· Zero-day indicators
· Threat correlation
⚙ AGENTIC SOC · POWERED BY GOOGLE SECOPS
XRA · 02
Response
Agent
Autonomous incident containment. Isolates threats, remediates, and restores — in seconds, without human intervention.
· Auto-containment
· Playbook execution
· Forensic collection
· Root cause analysis
⚙ AGENTIC SOC · POWERED BY GOOGLE SECOPS
CORE
XCA · 03
Compliance
Agent
Real-time compliance posture across ISO 27001, SOC 2, GDPR, NIST, PCI-DSS. Audit-ready always.
· Continuous audit
· Control mapping
· Evidence collection
· Regulator-ready reports
XTA · 04
Red Team
Agent
Continuous agentic red teaming against your own estate. Finds what attackers would find — before they do.
· Continuous pentesting
· Zero-day discovery
· Exploit chain mapping
· CVSS-scored findings
XDW · 05
Darkweb
Agent
24/7 dark web surveillance. Monitors leaked credentials, stolen data, and threat actor chatter targeting your org.
· Credential leak detection
· Data breach monitoring
· Threat actor profiling
· Early warning alerts
87% faster threat detection
Detect breaches in minutes — not 204 days.
MTTR: hours → <60 seconds
Zero manual escalation. Zero downtime waiting.
Save 300+ hours/year
Always audit-ready. Zero last-minute prep.
Replace $50K+ annual pentest
365 days/year vs. once-a-year snapshot.
72hr avg. early warning
Know before your CEO does. Act before damage spreads.
XECURA AI FABRIC™
AGENT ORCHESTRATION
SHARED THREAT INTEL
UNIFIED TELEMETRY
API INTEGRATIONS
ZERO-TRUST MESH
XS-09 // COMPLIANCE
COMPLIANCE AGENT · XCA·03
// XECURA COMPLIANCE AGENT · CORE MODULE

Xecura AI ComplianceAudit-ready, every day.
Not just before the auditor arrives.

// REGULATORY FRAMEWORKS COVERED
ISO 27001
Info Security Mgmt
ISO 27701
Privacy Info Management
GDPR
Data Protection
NIST CSF
Cybersecurity Framework
PCI-DSS
Payment Card Security
OJK / BI
Indonesian Regulators
// HOW THE COMPLIANCE AGENT WORKS
01
Continuous Control Monitoring
Agent continuously checks control status across your environment — 24/7, no manual review cycles.
02
Automated Evidence Analysis
AI agent analyzes policy documents, configs, and access records to surface compliance gaps — evidence packages structured and audit-ready automatically.
03
Regulator-Ready Reporting
One-click audit reports formatted per framework. Generate ISO or OJK submission in minutes, not weeks.
300+
Hours saved per year
vs. manual compliance cycles
100%
Audit-ready, always
Zero last-minute scrambles
CORE MODULE
WHY COMPLIANCE IS THE CORE
Compliance is the strategic backbone of the Xecura Fabric. Every detection, response, and red team finding flows into a unified compliance posture — so your security operations directly fuel your audit readiness.
→ Detection alerts mapped to control gaps
→ Red team findings auto-tagged by framework
→ Darkweb leaks trigger immediate breach assessment
REPLACE THIS COST
$80K–150K
Annual compliance consultant
6–9 months
Manual audit prep cycle
Xecura
Continuous. Autonomous.
XS-10 // OFFENSIVE & INTELLIGENCE
RED TEAM AGENT · DARKWEB AGENT
// XECURA PROACTIVE DEFENSE · ALWAYS ON THE OFFENSIVE

Automated Xecura Red Teaming and Darkweb MonitoringFind what attackers find. Before they find you.

XTA · 04 // RED TEAM AGENT
Continuous Agentic
Red Teaming
Most organizations conduct red team exercises once a year — a snapshot outdated within days. Xecura's Red Team Agent runs continuously, 365 days a year, against your own estate.
Automated Penetration Testing
Full network, application, and cloud attack simulation — never stops, never misses a window.
Zero-Day Discovery & Exploit Chain Mapping
Surfaces novel attack paths with CVSS-scored severity findings.
Replace $50K+ Annual Pentest
365-day continuous coverage vs. a once-per-year snapshot that expires before the ink dries.
365
days/year active
24/7
real-time red teaming
OJK/BI
accepted report
XDW · 05 // DARKWEB AGENT
24/7 Dark Web
Surveillance
Threat actors don't announce their intentions — until they're posting your data for sale. Xecura's Darkweb Agent monitors leaked credentials, stolen data, and threat actor chatter targeting your organization, around the clock.
Credential Leak Detection
Real-time alerts when employee credentials, API keys, or session tokens appear on dark web markets.
Personal Information Identifier
Detects exposed personal data — NIK, emails, phone numbers, and financial records — before they are exploited or traded on dark web forums.
72-Hour Average Early Warning
Know before your CEO does. Act before damage spreads — 72 hours ahead of public breach disclosure.
72hr
avg. early warning
98%
detection accuracy
24/7
dark web surveillance
XS-11 // VISION
THE FUTURE OF CYBERSECURITY
// THE ROAD AHEAD · 2025–2030

Agentic security is not the future.
It is the present you haven't adopted yet.

// INDUSTRY INFLECTION TIMELINE
2025
AI-Assisted Attacks Emerge
LLMs used for phishing, code generation, and CVE analysis. Defenders largely unprepared.
2026
Mythos Redefines the Threat Model
Anthropic's Mythos proves AI can autonomously conduct nation-state-level attacks. Agentic security becomes critical.
XECURA LAUNCH
● NOW
Agentic Security Platforms Emerge
Xecura.ai leads the category. Early adopters gain structural security advantage over slower-moving competitors.
2027
Agentic Security Becomes Table Stakes
Regulators mandate continuous agentic monitoring. Organizations without AaaS face insurability and compliance crises.
2030+
Fully Autonomous Security Posture
Human security teams focus on policy and strategy. Agents handle 100% of detection, response, and compliance.
// XECURA'S VISION FOR 2030
"A world where every organization — regardless of size or security budget — has access to an autonomous, AI-powered defense fabric that matches the sophistication of any attacker. Security as a fundamental right, not a luxury."
— XECURA MISSION STATEMENT 2026
AI
Democratizing Enterprise-Grade Security
Xecura makes agentic security accessible to mid-market organizations that cannot afford a 20-person SOC team.
ML
Models That Learn Your Business
Xecura agents are continuously fine-tuned on your unique threat landscape, industry, and regulatory context.

Security That Compounds Over Time
Every incident, every finding, every near-miss makes your Xecura agents smarter. Security that gets better every day.
XS-12 // ACTION
THE TIME IS NOW
// FINAL BRIEF

The Agentic Era
is not coming.
It is here.|Xecura

Security Agents That Think, Hunt, and Act —
So Your Team Doesn't Have To.

PLATFORM ACCESS
XECURA.AI
CONTACT XECURA AI TEAM
kholif.faiz@xecura.id
SUMMIT DEMO
sales@xecura.id
DETECT IN SECONDS
RESPOND AUTONOMOUSLY
ATTACK CONTINUOUSLY
COMPLY ALWAYS
XECURA.AI  //  THE SPEED GAP  //  AI SUMMIT 2026